`noCode: true` mounts the APEX with MS_NOEXEC

This change adds a new property noCode to the apex manifest. When the property is set to true, the APEX is mounted with MS_NOEXEC to prevent execution of code from the APEX. This can be used for data-only APEXes like the timezone APEX or bootanim APEX. Bug: 129030458 Test: atest apex_manifest_test atest apexservice_test Change-Id: Iee1087036d4783f4b77483df026e1509f3c3266c
author: Jiyong Park <jiyong@google.com> 2019-06-03 10:15:50 +0900
committer: Jiyong Park <jiyong@google.com> 2019-06-03 21:52:43 +0900
commit: 361fed27e39378072baf6afcffeb6d0cb4f3fbe2 (patch)
tree: 5036fb34d91633eb4e2e8dbed0df755578a533c3 /apexer/apex_manifest.py
parent: b1d81b8920af9afd3e52f798e69f54b327135ed7 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/apexer/apex_manifest.py b/apexer/apex_manifest.py
index d75d95b..216dcd0 100644
--- a/apexer/apex_manifest.py
+++ b/apexer/apex_manifest.py
@@ -35,4 +35,6 @@ def ValidateApexManifest(manifest_raw):
 		raise ApexManifestError("'name' field is required.")
 	if manifest_pb.version == 0:
 		raise ApexManifestError("'version' field is required.")
+        if manifest_pb.noCode and (manifest_pb.preInstallHook or manifest_pb.postInstallHook):
+		raise ApexManifestError("'noCode' can't be true when either preInstallHook or postInstallHook is set")
 	return manifest_pb
author	Jiyong Park <jiyong@google.com>	2019-06-03 10:15:50 +0900
committer	Jiyong Park <jiyong@google.com>	2019-06-03 21:52:43 +0900
commit	361fed27e39378072baf6afcffeb6d0cb4f3fbe2 (patch)
tree	5036fb34d91633eb4e2e8dbed0df755578a533c3 /apexer/apex_manifest.py
parent	b1d81b8920af9afd3e52f798e69f54b327135ed7 (diff)